some progress...
This commit is contained in:
parent
a84600e42a
commit
5981655b54
@ -164,9 +164,9 @@ EOF
|
||||
cd "${CAROOT}"
|
||||
/root/mkcert/mkcert "*.kaz.milxc" # cert et clé dans /etc/letsencrypt/local/
|
||||
|
||||
mkdir -p /etc/letsencrypt/live/kaz.local/
|
||||
ln -s ../../local/_wildcard.kaz.local.pem /etc/letsencrypt/live/kaz.local/fullchain.pem
|
||||
ln -s ../../local/_wildcard.kaz.local-key.pem /etc/letsencrypt/live/kaz.local/privkey.pem
|
||||
mkdir -p /etc/letsencrypt/live/kaz.milxc/
|
||||
ln -s ../../local/_wildcard.kaz.milxc.pem /etc/letsencrypt/live/kaz.milxc/fullchain.pem
|
||||
ln -s ../../local/_wildcard.kaz.milxc-key.pem /etc/letsencrypt/live/kaz.milxc/privkey.pem
|
||||
fi
|
||||
|
||||
# Essai pour faire accepter la CA à FFOX dès le début
|
||||
@ -192,6 +192,16 @@ EOF
|
||||
cd snster
|
||||
./install.sh
|
||||
|
||||
# SNSTER KAZ
|
||||
cp -ar ${VAGRANT_SRC_DIR}/templates /root
|
||||
cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root
|
||||
|
||||
# crypto keys
|
||||
cp -ar /etc/letsencrypt /root/snster-kaz/kaz/prod/
|
||||
cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/
|
||||
|
||||
# Build SNSTER KAZ !
|
||||
snster -c /root/snster-kaz -t /root/templates create
|
||||
|
||||
# clear apt cache
|
||||
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
|
||||
|
@ -24,8 +24,8 @@ hosts:
|
||||
- bgprouter:
|
||||
asn: 20
|
||||
asdev: eth1;eth2
|
||||
neighbors4: 100.64.1.1 as 31
|
||||
neighbors6: 2001:db8:b001::1 as 31
|
||||
neighbors4: 100.64.0.1 as 30
|
||||
neighbors6: 2001:db8:b000::1 as 30
|
||||
- resolv:
|
||||
nameserver: 100.100.100.100
|
||||
domain: isp-a.milxc
|
||||
|
@ -14,9 +14,9 @@ chmod +x /clawsmail/genpasswd
|
||||
DEBIAN_FRONTEND=noninteractive apt-get install -y claws-mail
|
||||
|
||||
if [ -f /clawsmail/addclawsuser.sh ]; then
|
||||
/clawsmail/addclawsuser.sh contact1 kaz.milxc toto 1
|
||||
/clawsmail/addclawsuser.sh contact2 kaz.milxc toto 2
|
||||
/clawsmail/addclawsuser.sh contact3 kaz.milxc toto 3
|
||||
/clawsmail/addclawsuser.sh contact4 kaz.milxc toto 4
|
||||
/clawsmail/addclawsuser.sh email isp-a.milxc email 4
|
||||
su debian /clawsmail/addclawsuser.sh contact1 kaz.milxc toto 1
|
||||
su debian /clawsmail/addclawsuser.sh contact2 kaz.milxc toto 2
|
||||
su debian /clawsmail/addclawsuser.sh contact3 kaz.milxc toto 3
|
||||
su debian /clawsmail/addclawsuser.sh contact4 kaz.milxc toto 4
|
||||
su debian /clawsmail/addclawsuser.sh email isp-a.milxc email 4
|
||||
fi
|
||||
|
@ -15,7 +15,7 @@ smtp IN CNAME dmz
|
||||
imap IN CNAME dmz
|
||||
www IN CNAME dmz
|
||||
mail IN CNAME dmz
|
||||
listes IN MX listes
|
||||
listes IN MX 10 listes
|
||||
listes IN A 100.80.1.2
|
||||
firewall IN A 100.80.0.1
|
||||
firewall IN AAAA 2001:db8:80::0:1
|
||||
|
@ -9,26 +9,11 @@ cd `dirname $0`
|
||||
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
|
||||
systemctl stop systemd-resolved
|
||||
|
||||
apt-get update
|
||||
DEB_VERSION=`cat /etc/debian_version | cut -d'.' -f1`
|
||||
if [ $DEB_VERSION -eq "11" ] # DEB 11 aka Bullseye
|
||||
then
|
||||
DEBIAN_FRONTEND=noninteractive apt-get install -y certbot python3-certbot-apache
|
||||
else
|
||||
echo "Unsupported Debian version"
|
||||
exit 1
|
||||
fi
|
||||
DEBIAN_FRONTEND=noninteractive apt-get update
|
||||
DEBIAN_FRONTEND=noninteractive apt-get remove -y apache2
|
||||
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
|
||||
|
||||
|
||||
# preconfig TLS and certbot
|
||||
a2enmod ssl
|
||||
a2ensite default-ssl.conf
|
||||
echo -e "
|
||||
email=admin@kaz.milxc
|
||||
agree-tos=1
|
||||
no-verify-ssl=1
|
||||
" >> /etc/letsencrypt/cli.ini
|
||||
|
||||
# Go KAZ !
|
||||
# KAZ specific things
|
||||
#installation de docker, docker-compose et on y fourre le user debian dans le groupe idoine
|
||||
|
@ -21,8 +21,8 @@ hosts:
|
||||
- bgprouter:
|
||||
asn: 12
|
||||
asdev: eth1
|
||||
neighbors4: 100.64.1.1 as 31
|
||||
neighbors6: 2001:db8:b001::1 as 31
|
||||
neighbors4: 100.64.0.1 as 30
|
||||
neighbors6: 2001:db8:b000::1 as 30
|
||||
- resolv:
|
||||
nameserver: 100.100.100.100
|
||||
domain: mica.milxc
|
||||
|
@ -21,8 +21,8 @@ hosts:
|
||||
- bgprouter:
|
||||
asn: 7
|
||||
asdev: eth2
|
||||
neighbors4: 100.64.0.1 as 30;100.64.1.1 as 31
|
||||
neighbors6: 2001:db8:b000::1 as 30;2001:db8:b001::1 as 31
|
||||
neighbors4: 100.64.0.1 as 30
|
||||
neighbors6: 2001:db8:b000::1 as 30
|
||||
- resolv:
|
||||
nameserver: 100.100.100.100
|
||||
domain: opendns.milxc
|
||||
|
Loading…
Reference in New Issue
Block a user